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CLAIMS 

What is claimed is: 



1 1. A method of obscuring cryptographic computations comprising: 

2 performing modular exponentiation in a cryptographic computation such 

3 that memory accesses are independent of the numerical value of the exponent. 
4 

1 2. The method of claim 1 , wherein performing modular exponentiation 

2 comprises replacing a conditional multiplication operation with an unconditional 

3 multiplication operation. 
4 

1 3. The method of claim 2, wherein the unconditional multiplication 

2 operation uses an obscuring factor. 
3 

1 4. The method of claim 3, further comprising wherein for each bit in the 

2 exponent, determining the obscuring factor by multiplying a quantity by a 

3 selected bit of the exponent plus one, the quantity comprising a message minus 

4 one. 
5 

1 5. The method of claim 1 , wherein the exponent comprises at least one of 

2 a signature exponent and a decryption exponent in a RSA cryptographic system, 

3 and the cryptographic computation is at least one of signature and decryption. 
4 

1 6. The method of claim 5, wherein the cryptographic computation 

2 comprises c d mod n, wherein c comprises a ciphertext message, d comprises 

3 the decryption exponent, and n comprises a modulus that is a product of two 

4 prime numbers. 
5 

1 7. The method of claim 1 , wherein the modular exponentiation is 

2 performed as part of a Diffie-Hellman key exchange process. 
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3 

1 8. The method of claim 1 , wherein the modular exponentiation is 

2 performed as part of a Digital Signature Algorithm (DSA) process. 
3 

1 9. The method of claim 1 , further comprising applying a window method 

2 as part of performing the modular exponentiation and retrieving pre-computed 

3 powers from one to 2 V of a message from a memory, where v is the size of a 

4 window into the exponent's bits. 
5 

1 1 0. A method of obscuring cryptographic computations by performing 

2 modular exponentiation of an exponent in a cryptographic computation such that 

3 memory accesses are independent of the exponent bit pattern comprising: 

4 setting an intermediate value to a message; and 

5 for each bit i in the exponent, setting the intermediate value to the 



6 intermediate value multiplied by the intermediate value mod a modulus, wherein 

7 the modulus comprises a product of two prime numbers, determining a current 

8 obscuring factor using the i'th bit of the exponent, and setting the intermediate 

9 value to the intermediate value multiplied by the current obscuring factor mod the 
10 modulus. 

11 

1 11. The method of claim 10, wherein determining the current obscuring 

2 factor comprises determining the current obscuring factor by multiplying a 

3 quantity by a selected bit of the exponent plus one, the quantity comprising the 

4 message minus one. 
5 

1 12. The method of claim 10, wherein the exponent comprises at least one 

2 of a signature exponent and a decryption exponent in a RSA cryptographic 

3 system, and the cryptographic computation is at least one of signature and 

4 decryption. 
5 
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1 13. The method of claim 10, further comprising applying a window 

2 method as part of performing the modular exponentiation and retrieving pre- 

3 computed powers from one to 2 V of the message from a memory, where v is the 

4 size of a window into the exponent's bits. 
5 

1 14. A method of obscuring cryptographic computations by performing 

2 modular exponentiation of an exponent in a cryptographic computation such that 

3 memory accesses are independent of the exponent bit pattern comprising: 

4 picking a random number between one and a modulus minus one, the 

5 modulus comprising a product of two prime numbers; 

6 determining an intermediate value based at least in part on the random 

7 number and a message; 

8 determining a first obscuring factor and a second obscuring factor using 

9 the message and the inverse of the random number; 

10 for each bit i in the exponent, setting the intermediate value to the 

1 1 intermediate value multiplied by the intermediate value mod the modulus, 

12 determining a third obscuring factor using the i'th bit of the exponent and the first 

13 and second obscuring factors, and setting the intermediate value to the 

14 intermediate value multiplied by the third obscuring factor mod the modulus; and 

15 setting a new message to the intermediate value multiplied by the second 

1 6 obscuring factor mod the modulus. 
17 

1 15. The method of claim 14, wherein determining the intermediate value 

2 comprises setting the intermediate value to the message multiplied by the 

3 random number mod the modulus. (it's line 7, there is no line 14 in Table III) 
4 

1 16. The method of claim 14, wherein determining the first obscuring 

2 factor comprises setting the first obscuring factor to the message multiplied by 

3 the inverse of the random number mod the modulus. 
4 
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1 17. The method of claim 14, wherein determining the third obscuring 

2 factor comprises setting the third obscuring factor to 

3 (w AND dj) OR (s AND (NOT d-,)), wherein w is the first obscuring factor, 

4 d, is the i'th bit of the exponent, and s is the second obscuring factor. 
5 

1 18. The method of claim 14, wherein the exponent comprises at least one 

2 of a signature exponent and a decryption exponent in a RSA cryptographic 

3 system, and the cryptographic computation is at least one of signature and 

4 decryption. 
5 

1 19. The method of claim 18, wherein the cryptographic computation 

2 comprises c d mod n, wherein c comprises a ciphertext message, d comprises 

3 the decryption exponent, and n comprises the modulus. 
4 

1 20. The method of claim 14, wherein the modular exponentiation is 

2 performed as part of a Diffie-Hellman key exchange process. 
3 

1 21 . The method of claim 14, wherein the modular exponentiation is 

2 performed as part of a Digital Signature Algorithm (DSA) process. 
3 

1 22. The method of claim 14, further comprising applying a window 

2 method as part of performing the modular exponentiation and retrieving pre- 

3 computed powers from one to 2 V of the message from a memory, where v is the 

4 size of a window into the exponent's bits. 
5 

1 23. The method of claim 22, further comprising multiplying each of the 

2 powers of the message by s (2Av " 1) mod the modulus, where s = t" 1 MOD nand t 

3 is the random number. 
4 

1 24. An article comprising: a storage medium having a plurality of machine 

2 readable instructions, wherein when the instructions are executed by a 
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3 processor, the instructions provide for obscuring cryptographic computations by 

4 performing modular exponentiation of an exponent in a cryptographic 

5 computation such that memory accesses are independent of the numerical value 

6 of the exponent. 
7 

1 25. The article of claim 24, wherein performing modular exponentiation 

2 comprises replacing a conditional multiplication operation with an unconditional 

3 multiplication operation. 
4 

1 26. The article of claim 24, further comprising instructions for applying a 



2 window method as part of performing the modular exponentiation and retrieving 

3 pre-computed powers from one to 2 V of a message from a memory, where v is 

4 the size of a window into the exponent's bits. 
5 

6 

1 27. An article comprising: a storage medium having a plurality of machine 

2 readable instructions, wherein when the instructions are executed by a 

3 processor, the instructions provide for obscuring cryptographic computations by 

4 performing modular exponentiation of an exponent in a cryptographic 

5 computation such that memory accesses are independent of the exponent bit 

6 pattern, the instructions causing 

7 setting an intermediate value to a message; and 

8 for each bit i in the exponent, setting the intermediate value to the 

9 intermediate value multiplied by the intermediate value mod a modulus, wherein 

10 the modulus comprises a product of two prime numbers, determining a current 

1 1 obscuring factor using the i'th bit of the exponent, and setting the intermediate 

12 value to the intermediate value multiplied by the current obscuring factor mod the 

13 modulus. 
14 

1 28. The article of claim 27, wherein determining the current obscuring 

2 factor comprises determining the current obscuring factor as multiplying a 
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3 quantity by a selected bit of the exponent plus one, the quantity comprising the 

4 message minus one. 
5 

1 29. The article of claim 27, wherein the exponent comprises at least one 

2 of a signature exponent and a decryption exponent in a RSA cryptographic 

3 system, and the cryptographic computation is at least one of signature and 

4 decryption. 
5 

1 30. The article of claim 27, further comprising instructions for applying a 

2 window method as part of performing the modular exponentiation and retrieving 

3 pre-computed powers from one to 2 V of a message from a memory, where v is 

4 the size of a window into the exponent's bits. 
5 

1 31 . An article comprising: a storage medium having a plurality of machine 

2 readable instructions, wherein when the instructions are executed by a 

3 processor, the instructions provide for obscuring cryptographic computations by 

4 performing modular exponentiation of an exponent in a cryptographic 

5 computation such that memory accesses are independent of the exponent bit 

6 pattern, the instructions causing picking a random number between one and a 

7 modulus minus one, the modulus comprising a product of two prime numbers; 



8 determining an intermediate value based at least in part on the random 

9 number and a message; 

10 determining a first obscuring factor and a second obscuring factor using 

1 1 the message and the inverse of the random number; 

12 for each bit i in the exponent, setting the intermediate value to the 

13 intermediate value multiplied by the intermediate value mod the modulus, 

14 determining a third obscuring factor using the i'th bit of the exponent, and the 

15 first and second obscuring factors, and setting the intermediate value to the 

16 intermediate value multiplied by the third obscuring factor mod the modulus; and 

17 setting a new message to the intermediate value multiplied by the second 

18 obscuring factor mod the modulus. 
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1 32. The article of claim 31 , further comprising instructions for applying a 

2 window method as part of performing the modular exponentiation and retrieving 

3 pre-computed powers from one to 2 V of the message from a memory, where v is 

4 the size of a window into the exponent's bits. 
5 

1 
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